Who’ll defend the Army National Guard from a Sloppy User?

The Army National Guard is the latest government agency to fall victim to a security breach.

While this breach affecting some 850,000 Americans has taken a back seat to the massive OPM hack that affected over 21.5 million current and former federal employees, it shines a spotlight on human error and the potential damage that can come as a result. The Guard’s spokesman Kurt Rauschenberg told the Army Times that “Although this matter is identified as a breach, technically, it was more of a poor security practice,” arguing that this severe incident was not motivated by malicious intent.

In a news release announcing the breach, National Guard Bureau spokesman Maj. Earl Brown said a contract employee inadvertently transferred the data to a non-accredited data center. A later report suggested the employee was involved in a budget analysis, offering an explanation for the access level and the motivation behind the compromising data extraction.

There is no quick fix for employee security awareness, and improved organizational awareness is no doubt bringing these incidents to our collective consciousness. Still, the question remains:

Why do organizations still allow unsupervised mobilization of sensitive data?

This question has two layers: first, the very principle of keeping sensitive data in a format that enables its extraction and removal from the corporate environment, and second, the notion that a single employee can permanently hold the access rights that allow such mistakes to happen. In a post-Snowden reality, we should come to expect government agencies to invest more in creating safe-to-use IT environments that pose minimal threat to their (and our) sensitive information.

Using data as an enabler stands at the core of our philosophy for cyber security. Obviously, with BI dominating a large part of organizational operations, analysts and execs need to reach out and use their data without the danger of possible compromise. Rather than constraining the current IT environment, we propose to use the mass repositories of log information it generates to rapidly detect and respond to threats that standard security protocols don’t handle.